1. Field of Invention
Embodiments of the present invention generally relate to network security, and more specifically, to deploying a security credential for an application deployed in a cloud.
2. Description of Related Art
Security of confidential information remains a vital concern for any entity that stores sensitive information or transmits it across secure and insecure networks alike. Many systems employ a credential store to identify and authenticate specific users of a system and to control each user's access to certain applications, files and other sensitive data. Perhaps the most common authentication mechanism is a password. Static, user-selected passwords are inherently limited as protection devices, however, because of the relatively small number of bits of information they contain. In addition, users tend to select easy-to-guess passwords, thereby compromising the authentication process.
One-time passwords overcome many of these limitations. In a one-time password system the password changes every time it is used. Instead of a static phrase, the system assigns a static mathematical function. The result is a “dynamic password.” In one dynamic password system, the system provides an argument for the function and the user computes and returns the function value. This approach is termed “challenge/response.” In challenge/response, a password generating device such as a token card receives a value from the system and computes a one-time password by plugging the value into a complex mathematical function. The one-time password is then transmitted to the system in order to authenticate the user. Challenge/response devices can be implemented in either hardware or software and are very effective for user authentication.
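The challenge/response exchange described above, as an added worked example that is not part of the patent text: the system issues a random challenge, the token computes the one-time password from it, and the system verifies the response. HMAC-SHA256 is assumed here as the "complex mathematical function", the shared secret is a constructed value, and the `ChallengeResponseServer` class and its methods are names chosen for this example. The server side also shows two properties the text relies on but does not spell out: each challenge is accepted once only (so a captured response cannot be replayed) and expires after a short window.

```python
import hashlib
import hmac
import secrets
import time

# Constructed shared secret for the example. In a real deployment it is
# provisioned into the token card at enrollment and never sent over the wire.
SHARED_SECRET = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def token_response(secret: bytes, challenge: bytes) -> str:
    """Token side: derive the one-time password from the system's challenge.

    HMAC-SHA256 stands in for the one-way function the token card applies;
    the output depends on both the secret and the fresh challenge.
    """
    return hmac.new(secret, challenge, hashlib.sha256).hexdigest()


class ChallengeResponseServer:
    """System side: issues challenges and verifies one-time passwords."""

    def __init__(self, secret: bytes, ttl_seconds: float = 60.0):
        self._secret = secret
        self._ttl = ttl_seconds
        self._pending = {}  # outstanding challenge -> time it was issued

    def issue_challenge(self, now: float = None) -> bytes:
        """Return a fresh 128-bit random challenge and remember when it was issued."""
        now = time.time() if now is None else now
        challenge = secrets.token_bytes(16)
        self._pending[challenge] = now
        return challenge

    def verify(self, challenge: bytes, response: str, now: float = None) -> bool:
        """Accept the response only if the challenge is known, unused and unexpired."""
        now = time.time() if now is None else now
        issued = self._pending.pop(challenge, None)  # single use: remove on first attempt
        if issued is None:
            return False  # unknown challenge, or one already consumed (replay)
        if now - issued > self._ttl:
            return False  # challenge expired; the token must request a new one
        expected = token_response(self._secret, challenge)
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(expected, response)


def run_exchange(now: float = 1000.0) -> bool:
    """Full round trip: challenge issued, token answers, system verifies."""
    server = ChallengeResponseServer(SHARED_SECRET)
    challenge = server.issue_challenge(now=now)
    otp = token_response(SHARED_SECRET, challenge)
    return server.verify(challenge, otp, now=now + 1.0)


if __name__ == "__main__":
    print("authenticated:", run_exchange())
```

Because the challenge is random and consumed on first use, the same response is worthless a second time, which is the property that distinguishes a dynamic password from a static one.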
Additionally, smart cards have been proposed for use in user authentication. For instance, smart cards can be used to carry a user's identity securely and conveniently. In a typical smart card authentication system, users approach a terminal and insert their smart cards into a smart card reader. The system queries the smart card through the smart card reader and performs a user authentication based, for instance, on a one-time password.
Public key cryptography promises an even more effective means of authenticating a user. In public key cryptography, cryptographic keys come in public key/private key pairs. The public key is used for encrypting data while the private key is used for decrypting data. For instance, the public key/private key pair could be assigned to a user. Here, the public key could be used by others to encrypt data, while the encrypted data can only be read by the owner of the corresponding private key.
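The public-key/private-key relationship described above, as an added worked example that is not part of the patent text: anyone holding the public key can encrypt, but only the holder of the matching private key recovers the plaintext. The code is textbook RSA in plain Python with no padding, written so the asymmetry is visible in a few lines; the primes are assumed (Mersenne primes chosen for the example), the function names are this example's own, and unpadded, deterministic RSA like this is an illustration of the key relationship rather than something to deploy.

```python
from math import gcd

# Assumed primes for the example (Mersenne primes 2^61-1 and 2^89-1).
# Real keys use much larger, randomly generated primes.
P = 2 ** 61 - 1
Q = 2 ** 89 - 1
PUBLIC_EXPONENT = 65537


def generate_keypair(p: int, q: int, e: int = PUBLIC_EXPONENT):
    """Return ((n, e), (n, d)): the public key and the matching private key.

    d is the modular inverse of e modulo (p-1)(q-1), so that
    (m^e)^d == m (mod n) for every message m below n.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, message: bytes) -> int:
    """Encrypt with the public key: c = m^e mod n. Anyone may do this."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    """Decrypt with the private key: m = c^d mod n. Only the key owner can."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def round_trip(message: bytes) -> bytes:
    """Encrypt for the owner of the key pair, then decrypt as that owner."""
    public_key, private_key = generate_keypair(P, Q)
    return decrypt(private_key, encrypt(public_key, message))


if __name__ == "__main__":
    pub, priv = generate_keypair(P, Q)
    c = encrypt(pub, b"hello")
    print("ciphertext:", c)
    print("plaintext :", decrypt(priv, c))
```

The check worth keeping in mind from the text is the direction of the keys: the private key never leaves its owner, so the encrypting party needs nothing secret, which is what makes the scheme suitable for authenticating a user who must prove possession of that private key.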